package com.kang.config;


import com.kang.filter.ScFilter;
import com.kang.handler.*;
import lombok.extern.slf4j.Slf4j;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;

import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.method.configuration.EnableReactiveMethodSecurity;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;

import org.springframework.security.config.web.server.SecurityWebFiltersOrder;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.web.server.SecurityWebFilterChain;


@EnableWebFluxSecurity
@Slf4j
@EnableReactiveMethodSecurity
public class SecurityWebfluxConfig<ScAccessDeniedHandler> {

    @Autowired
    private ScSecurityContextRepository scSecurityContextRepository;

    @Autowired
    private ScAuthenticationManager scAuthenticationManager;

    @Autowired
    private ScAuthorizationManager scAuthorizationManager;

    @Autowired
    private ScAuthenticationEntryPoint scAuthenticationEntryPoint;

    @Autowired
    private com.kang.handler.ScAccessDeniedHandler scAccessDeniedHandler;

    //security的鉴权排除列表
    private static final String[] excludedAuthPages = {
            "/admin/system/index/**",
            "/admin/api/ucenter/wx/**",
            "/user/login/**",
            "/oss/**"

    };

    /**
     * 访问权限授权
     *
     * @param http
     * @return
     */
    @Bean
    public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
        http.csrf().disable()
//                .formLogin().loginPage("/admin/system/index/login").and()//指定登录请求路径
                //根据配置顺序进行操作
                .securityContextRepository(scSecurityContextRepository) //存储认证信息
                .authenticationManager(scAuthenticationManager) //自定义认证管理
                .authorizeExchange(exchange -> exchange // 请求拦截处理
                        .pathMatchers(excludedAuthPages).permitAll()
                        .pathMatchers(HttpMethod.OPTIONS).permitAll()
                        .pathMatchers("").hasAnyRole("user")
                        .pathMatchers("").hasAnyRole("admin")
                        .anyExchange().access(scAuthorizationManager) //自定义权限
                )
//                .logout().logoutUrl("/admin/system/index/login").and()
                .addFilterAfter(new ScFilter(), SecurityWebFiltersOrder.AUTHORIZATION) //拦截处理
                .exceptionHandling().accessDeniedHandler(scAccessDeniedHandler) //权限认证失败
                .and()
                .exceptionHandling().authenticationEntryPoint(scAuthenticationEntryPoint); //认证失败
        return http.build();
    }

    @Bean
    public BCryptPasswordEncoder bCryptPasswordEncoder() {
        return new BCryptPasswordEncoder();
    }



    public static void main(String[] args) {
        System.out.println(new BCryptPasswordEncoder().encode("123456"));
    }
}
